[Pkg-javascript-devel] [RFS] node-jsonld
Jonas Smedegaard
jonas at jones.dk
Tue Mar 17 18:22:39 GMT 2020
Quoting Nilesh Patra (2020-02-02 18:51:01)
> On Sun, 2 Feb 2020 at 22:48, Jonas Smedegaard <jonas at jones.dk> wrote:
>
> > Quoting Nilesh Patra (2020-02-02 16:01:57)
> > > I fixed node-jsonld to build with Node.js >= 12. It builds fine in
> > > a clean chroot, and autopkgtests pass.
[...]
> > I reduced your module resolving patch to only add /usr/share/nodejs
> > - if the two relative paths ('.' and 'node_modules') are really
> > needed then please explain why (again, I may very well have missed
> > something, but it looks to me like a dirty hack which might cause
> > trouble at least on non-clean build environments).
> >
>
> I have faced issues with webpack failing to resolve modules when they
> are embedded.
> I added that in to avoid webpack failing to recognize those, if in
> case modules are embedded in future.
I have now identified that webpack.config.js needs the following:
+ resolve: {
+ modules: ['/usr/lib/nodejs','/usr/share/nodejs','/usr/share/nodejs/babel-runtime/node_modules'],
+ },
+ resolveLoader: {
+ modules: ['/usr/lib/nodejs','/usr/share/nodejs'],
+ },
To me that smells of an error in node-babel-runtime.
I strongly recommend to *revert* any and all packages where resolve
paths have been patched to include '.' and/or './node_modules' as I
suspect that to not only be wrong but also be a security risk similar to
shell PATH or perl/python/ruby/whatever module-loaders including ".".
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20200317/f7e5f128/attachment.sig>
More information about the Pkg-javascript-devel
mailing list